This invention is related to the field of electronic messaging systems, and more particularly to a method and apparatus for creating an electronic userid.
Junk e-mail or unsolicited bulk e-mail (xe2x80x9cUBExe2x80x9d), referred to hereafter as xe2x80x9cspamxe2x80x9d, has become a significant problem. Users of electronic messaging applications are barraged with spam on a daily basis by spammers (those who create and send spam). Spammers usually advertise sham wares, services, pyramid schemes, and, even worse, they send electronic viruses.
Spam has grown in popularity for a number of reasons. Primarily, it is a low cost and fast medium through which messages can be delivered. Further, the ease with which a spammer can harvest e-mail addresses, for example, from joke lists, newsgroups, web pages and cookies, provides a steadily expanding audience to which spam can be directed.
Filters have been proposed and a few developed that attempt to reduce or eliminate spam from a user""s mail host and/or e-mail client.
One type of spam filter is a sender filter. The sender filter rejects all messages from an untrusted source, such as by way of an authorized or an unauthorized sender list. Inbound e-mail messages are simply rejected based upon the source of the message (e.g., the xe2x80x9cfrom:xe2x80x9d address of a message header). A major problem with the sender filter is that the sender""s identity is frequently spoofed as either a random sender (which bypasses the unauthorized sender list) or as a sender unlikely to be rejected (which bypasses the authorized sender list.)
Another example of a spam filter is a context filter. A context filter examines a message body or a message subject header and removes messages based upon key words or phrases a spammer is likely to include in the message (e.g., xe2x80x9cget richxe2x80x9d, xe2x80x9cwork from homexe2x80x9d, xe2x80x9ccall now xe2x80x9d, xe2x80x9cpornxe2x80x9d, xe2x80x9cxxxxe2x80x9d, etc.) A problem with context filters is that linguistic rules must be set up for a particular user in a particular environment. Moreover, language or context alone is inherently imprecise. Thus, context type filters generally suffer from an over-inclusiveness problemxe2x80x94meaning they filter more messages than they should because legitimate messages occasionally match the linguistic rules of the context filter.
Still another approach is the use of traditional encryption/decryption technology. Traditional encryption/decryption technology includes the use of shared encryption/decryption algorithms or keys (e.g., asymmetric or symmetric encryption). For example, in an asymmetric encryption/decryption system, a sender encrypts a message body using the intended recipient""s public key. The recipient receives the encrypted message and decrypts it using her private key. A problem with this technique is that special equipment is required by both the sender and receiverxe2x80x94such as proprietary software or hardware. In a symmetric encryption solution, a secret key is shared between the sender and recipient. A problem here is that the shared key can easily be compromised. Moreover, encryption/decryption solutions can be computationally expensive and difficult to manage as compared to the low value of most e-mail messages. Some encryption/decryption solutions even require multiple handshaking and/or a real-time connection between the sender and receiver.
There is a need for a secure and trusted technique for identifying and filtering unauthorized electronic messages.
A method and apparatus for an adapted digital signature is provided. According to an aspect of the present invention, the adapted digital signature is generated using a digital signature engine and an adaptation algorithm.
According to one embodiment, a method for creating an adapted digital signature comprises: retrieving an originator key, the originator key corresponding to a local userid; running a digital signature engine to create a digital signature, the digital signature based on at least the originator key and remote user information; retrieving a word from a word list, the word indexed to at least a portion of the digital signature; and returning at least the word as the adapted digital signature.
According to another embodiment, a method for verifying an adapted digital signature comprises: retrieving an originator key based on a first portion of address information; generating an adapted digital signature based on the originator key and a second portion of the address information; comparing a third portion of the address information to the adapted digital signature; and accepting the electronic message if the third portion of the address information and the adapted digital signature match.
According to another embodiment, an electronic message system comprises: an authenticated message server configured to remove inbound electronic messages if an authenticated electronic userid cannot be verified; and a mail host coupled to the authenticated message server; and wherein the authenticated message server is configured to remove inbound electronic messages by performing the acts of: generating an adapted digital signature; comparing a portion of an inbound electronic message to the adapted digital signature; and rejecting the inbound electronic message if the portion of the inbound electronic message and the adapted digital signature do not match.